I just bought a Galaxy S4, and it didn't connect to the WIFI in my house (I have a 14$ router). After a bit of testing, I've decided to leave my connection open without a password, but added the devices manually to the whitelisted MAC addresses.

Is that safer than having a regular password, that can be broken with brute force, or another technique?

Is there any other solution that I can try connecting my cellphone to the router?

The errors I got were "getting IP Address", and after that "error: connection too slow....". I have a good connection.

3 Answers

MAC filtering is not a part of the 802.11 spec, and is instead shoved into wireless routers by (most) vendors. The reason why it's not a part of the 802.11 spec is because it provides no true security (via Kerckhoffs's principle).

In order for wireless to work, MAC addresses are exchanged in plaintext (regardless of whether you're using WEP, WPA, WPA2, or an OPEN AP). For encrypted wireless, the MAC address is either a part of the initial handshake (used to derive the session key), and/or exposed during pre-encryption communications. In addition to all of these reasons, MAC filtering is also much more of a pain in the butt to upkeep than instituting something like WPA2-PSK.

Simply put, MAC filtering is not something that needs to be "cracked." In open networks, people simply only need to sniff the air and they will be able to see what devices are working, and then they can use one of many, many extremely simple tools to change their MAC address. In encrypted networks, they will need to sniff and grab a new handshake (which can easily be forced via a deauth attack). From there, they have access to your network.

My suggestion is to use WPA2-PSK with a strong key for personal networks or WPA2-Enterprise with a strong EAP mode (PEAP or TLS) for enterprise networks. The main difference between the two of these, aside from the method of authentication and authorization, is that with WPA2-PSK, if someone knows the PSK and can capture the handshake of a user, they can decrypt their stream. That is not possible with WPA2-Enterprise, because it uses EAP, which has a different encryption key per individual via the EAP mode. This is important because you wouldn't want just anybody with access to the network to be able to decrypt the CEO's wireless communications.

It is also important to note that with WPA2-PSK, your ESSID does play a part in the security of your network because of the following:

DK = PBKDF2(HMAC−SHA1, passphrase, essid, 4096, 256)

Essentially, WPA2-PSK uses your ESSID as the salt when running PBKDF2. For this reason, you should also attempt to keep your ESSID unique, to avoid attacks using rainbow tables.

In summation
- MAC filtering does not provide any level of "true" security
- Use WPA2-PSK if possible (Most smartphones do support it)
- Try to have a unique ESSID
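
The key derivation quoted in the answer above, as an added example that is not part of the original answer: it derives the 256-bit key with Python's `hashlib.pbkdf2_hmac` and shows that the same passphrase yields unrelated keys under different ESSIDs, which is why a unique ESSID defeats tables precomputed for common names. The helper names, the sample ESSIDs and passphrase, and the small `COMMON_ESSIDS` set are constructed for illustration.

```python
import hashlib

# Small constructed sample of factory-default style names (illustrative only).
COMMON_ESSIDS = {"linksys", "netgear", "dlink", "default"}

def derive_pmk(passphrase: str, essid: str) -> bytes:
    """DK = PBKDF2(HMAC-SHA1, passphrase, essid, 4096, 256 bits)."""
    pw = passphrase.encode("ascii")   # non-ASCII input raises a ValueError subclass
    salt = essid.encode("utf-8")      # the ESSID is the PBKDF2 salt
    if not 8 <= len(pw) <= 63 or any(b < 32 or b > 126 for b in pw):
        raise ValueError("passphrase must be 8..63 printable ASCII characters")
    if not 1 <= len(salt) <= 32:
        raise ValueError("ESSID must be 1..32 bytes")
    return hashlib.pbkdf2_hmac("sha1", pw, salt, 4096, dklen=32)

def essid_warnings(essid: str) -> list[str]:
    """Defender-side check: flag an ESSID that makes a poor salt."""
    warnings = []
    if essid.lower() in COMMON_ESSIDS:
        warnings.append("common ESSID: salt is shared with many other networks")
    return warnings

def shares_key_material(passphrase: str, essid_a: str, essid_b: str) -> bool:
    """True only if both networks derive the same key from this passphrase."""
    return derive_pmk(passphrase, essid_a) == derive_pmk(passphrase, essid_b)

if __name__ == "__main__":
    phrase = "correct horse battery staple"        # constructed sample passphrase
    for name in ("linksys", "maple-street-42b"):   # constructed sample ESSIDs
        print(name, derive_pmk(phrase, name).hex(), essid_warnings(name))
    # Same passphrase, different salt: the derived keys do not match.
    print(shares_key_material(phrase, "linksys", "maple-street-42b"))
```
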

First, it does nothing to protect data on the network. Second, MAC addresses can be easily spoofed and a valid MAC address can be sniffed off of any device connected to your network. It will only keep out the most basic of intruders (i.e., someone who is non-technical and simply looking for free wifi). It offers no serious protection to simply use MAC filtering and really only offers the most basic protection possible.

I disagree. Having poor encryption provides no real security, but it does give the impression that there is protection and no need to 'fix' things. It is much like the tie wrap in this image: i.stack.imgur.com/q9k6y.jpg
– Hennes May 31 '13 at 11:33